Multiple Weaknesses in Mitel 6700/6800 series SIP phones

Two vulnerabilities have been discovered in Mitel 6700 and 6800-series SIP phones. Successful exploitation could lead to denial of service or unauthorized access to phone functions or data.

Detailed Description

The following security vulnerabilities have been identified:

Remote denial of service vulnerability

A proof of concept exists whereby a crafted HTTP POST request sent to the phone could initiate a soft reset without the phone checking any credentials.

Code injection vulnerability

The phone does not protect against a coordinated attack in which unauthorized modification of a server system configuration file could allow JavaScript execution in the client browser.